CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/11/12 12:36 a.m.•10 views

CVE-2025-42895

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

6.9CVSS6.7AI score0.00017EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-38714

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.00101EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-24162

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00117EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-12593

Malicious code in bioql PyPI...

4.8CVSS6.2AI score0.00288EPSS

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-17596

Malicious code in bioql PyPI...

6.7CVSS6.6AI score0.00527EPSS

Exploits0References3

Vulnrichment•added 2025/06/10 12:13 a.m.•3 views

CVE-2025-42993 Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement)

Due to a missing authorization check vulnerability in SAP S/4HANA Enterprise Event Enablement, an attacker with access to the Inbound Binding Configuration could create an RFC destination and assign an arbitrary high-privilege user. This allows the attacker to consume events via the RFC...

6.7CVSS6.8AI score0.00527EPSS

RedhatCVE•added 2025/05/23 3:56 a.m.•8 views

CVE-2023-34672

Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases...

8.8CVSS6.8AI score0.00101EPSS

Exploits1References1

NVD•added 2023/10/16 8:15 p.m.•9 views

CVE-2023-4862

The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users...

4.8CVSS4.9AI score0.00086EPSS

NVD•added 2023/06/23 7:15 p.m.•6 views

CVE-2023-34672

8.8CVSS8.6AI score0.00101EPSS

Prion•added 2023/06/23 7:15 p.m.•15 views

Improper access control

6.5CVSS8.5AI score0.00101EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2023/06/23 12:0 a.m.•6 views

CVE-2023-34672

6.8AI score0.00101EPSS

Cvelist•added 2023/06/23 12:0 a.m.•12 views

CVE-2023-34672

8.8AI score0.00101EPSS

Cvelist•added 2023/04/10 1:18 p.m.•16 views

CVE-2023-0874 Klaviyo <= 3.0.10 - Admin+ Stored XSS

The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00207EPSS

Cvelist•added 2023/02/27 3:24 p.m.•15 views

CVE-2023-0543 Arigato Autoresponder and Newsletter < 2.1.7.2 - Admin+ Stored XSS

The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00207EPSS

NVD•added 2022/11/17 10:15 p.m.•11 views

CVE-2022-44725

OPC Foundation Local Discovery Server LDS through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS running as a high-privilege user...

7.8CVSS0.00078EPSS

Cvelist•added 2022/11/17 12:0 a.m.•15 views

CVE-2022-44725

7.7AI score0.00078EPSS